The extent of data sharing indicates the level of information development of a region or a country: the greater the extent of data sharing, the higher the level of information development. Implementing data sharing enables more and more people to make full use of existing data resources, and reduces duplicated labor such as information collection and data sampling, along with the corresponding cost; furthermore, cloud storage provides a safer and more effective platform for data sharing. Cloud storage is a new concept extended and developed from the concept of cloud computing. It is a system that uses functions such as cluster application, grid technology and distributed file systems to bring together, through application software, a large number of storage devices of different types in the network, so that these storage devices cooperate with each other and jointly provide data storage and business access functions externally. A user can connect to the cloud at any time and from any place, via any device capable of connecting to the Internet, to access data conveniently.
Therefore, how to ensure the security of shared data during data sharing, and thereby protect a cloud storage system or the data within an information network from various threats, interference and destruction, has become an important aspect of cloud computing research. Attribute-based Encryption (ABE) is a new type of public key encryption protocol that has recently become popular and that developed from the identity-based encryption method. In attribute-based encryption, the identity of the user is described by a series of attributes, and decryption can be performed and the plaintext obtained only when the identity attributes of the user satisfy the access strategy defined by the system. This access control protocol further improves the security of shared data while preserving the flexibility of data sharing. For example, different access rights can be granted to a user according to the user's identity attributes and the values of those attributes, which is particularly suitable for access control of shared data in certain fields. Taking an electronic medical record sharing system as an example, it is possible to specify qualified hospitals and certain professional titles, so that only doctors who work in the relevant domains and have a pre-specified number of years of working experience are allowed to view the medical records of the same category of patients. If an access control strategy consisting simply of a username and a password is adopted, effective access control for shared data is hard to implement.
However, the existing attribute-based encryption access control strategy needs a central identity verification authorizer, which acts as an intermediary and verifies the identity of the user so as to provide the different attribute authorizers with corresponding parameters; in this way, different attribute authorizers can provide user attribute components for the same user. It can be seen that, because of the existence of the central identity verification authorizer, once that authorizer is compromised, user attribute components can easily be stolen and the data can then be decrypted, so data security is reduced; meanwhile, the complexity of data sharing access control is increased.